Federal agencies reported 35,277 information security incidents to the Department of Homeland Security in fiscal 2017, according to a new report.
Part of the Government Accountability Office’s annual look into Federal Information Security Modernization Act reporting, that number is up from the 30,899 incidents reported to DHS’s U.S. Computer Emergency Readiness Team — a 14 percent increase.
Most of the attacks in 2017 came via unsophisticated methods — for instance, a combined 43 percent came from email spoofing, phishing and other methods of improper usage, GAO found.
The GAO report said the lead culprits for the poor performance were the 17 agencies of the 23 analyzed that are still struggling to put effective cybersecurity programs in place. Seventeen agencies also had “significant information security deficiencies” in their financial reporting controls
“Until agencies more effectively implement the government’s approach and strategy, federal systems will remain at risk,” GAO concluded in its report, released Tuesday.
Read more analysis of the annual report on CyberScoop.